Is cookie legislation enough to protect your privacy?

August 27, 2012

Recent European Union legislation has decreed that from 26th May 2012, websites that use ‘cookies’ are required to tell users that this is happening and how the cookies are being used. The legislation represents an important step in helping internet users to protect their privacy when they go online. However, this poses some bigger questions, such as who actually is using your data, what data do they have access to, what is your data being used for and is the recent cookie legislation actually enough?

Cookies

So what are cookies? Cookies are small text files that basically link your computer to your use of a certain website. They can be used for fairly benign purposes, such as storing your preference to remain logged in to a website when you can’t be bothered having to re-enter your email address or retype your password every time you go online (most websites that use cookies tend to need them for only this purpose), but they can also help organisations generate more complex information about what you do.

Behavioural Tracking

One of the big things that the internet has allowed people to do in recent years is enable highly complex tracking of human behaviour. This has a variety of applications, which can be considered positive, negative or neutral depending on who you are talking to. A lot of the time this information is used for market research, and provides information for marketers which can be very useful for them in getting to know their target audiences. One example is the ‘visitor interest reports’ offered by advertising.com which track not only the fact that you have visited a certain website, but which also track the websites you visit afterwards.

Another way in which it can be used as a marketing tool is to enable Lead Forensics to do what they claim to do. Endorsed by Dragon’s Den’s Doug Richard, Lead Forensics purports to be able to identify internet users that visit your site and provide subscribers to their service with the users’ details, presumably so that you can then cold call them or send them promotional material via email.

Behavioural tracking is a science that has become highly sophisticated in recent years, and with the introduction of smartphones, allows for far more complex profiles of your behaviour to be developed, moving from simply identifying interest trends of users of specific websites, to looking at the behaviours, tastes, movements and personal health of entire groups in society.

Professor Alex ‘Sandy’ Pentland of MIT has been advancing the science further. Back in 1997 he was named one of 100 Americans likely to shape the 21st century in Newsweek. More recently, his ‘reality mining’ technology was declared to be one of “10 technologies most likely to change the way we live” by Technology Review Magazine. Reality mining creates computer models of the movements of people and provides data on what kind of bars they like to go to, where they like to shop, what recreational activities they like to take part in and enables for the cross referencing of this information to create a comprehensive picture of a user and their day to day habits.

The technology is designed to make it easy to predict people’s movements and ultimately their behaviour. It has potential benefits in that it can identify groups that may be more prone to particular health issues than others, but the range of applications for which it can be used is enormous. He described it in more detail when he appeared on Channel 4’s Brave New World with Stephen Hawking program.

Admittedly Pentland’s research is all conducted on a volunteer basis and the data that he collects all comes from a special app that his team have developed which has been downloaded by the volunteers. However, other ‘data miners’ may not be so transparent. Gary Kovacs, CEO of the Mozilla Corporation spoke at a TED Conference in May about the number of sites that take your data, pass it to other sites who then in turn pass it to yet more sites, generally without your consent. The result is very surprising and you need to see it for yourself here. He also described a Firefox add on that does its best to track what sites are tracking you. The add-on is called Collusion, and you can download it here.

Woah, scary – so what else can they do?

Behavioural tracking technology paints a very cyberpunk image of the world, but all this seems quite banal in comparison to the technologies that were uncovered by Wikileaks in December of 2011 named “The Spy Files”. This launch of information by the controversial news source names a large number of companies involved in the global mass surveillance industry and describes some of the technologies that are on sale not only to governments for intelligence gathering purposes, but also to mobile phone network operators and other large private organisations.

These include technologies for internet monitoring, mobile phone monitoring, placing trojans into computer systems, speech analysis, SMS monitoring and GPS monitoring, and they generate large amounts of money each year in a largely unregulated industry. One piece of technology I find particularly intriguing is an undetectable mobile phone app that can turn your phone into a microphone and remains active even when your phone is switched off, so if you find that your phone’s battery suddenly starts losing charge very quickly even when switched off, then best not make any plans to organise any terrorist attacks (to be fair, don’t do that anyway).

Julian Assange has also been quoted as saying that various lawmakers and intelligence organisations have special logins to Facebook that give them access to anyone’s profile in the world, including their private messages.

That’s it! I’m throwing my computer and phone in the bin and I’m off to live in a shed in the mountains

So to answer the original question: is your computer spying on you? The answer is that the technology for it to be doing so definitely exists. That said, the fact that the technology exists does not necessarily mean it is being used on you, never mind for sinister purposes. However, to answer the other question of whether the recent cookie legislation is enough to protect our privacy, then the answer may be ‘no’. At the moment a very high tech and sophisticated industry is creating some very interesting products but, due to the nascent (and also somewhat complicated) nature of the industry, may not be being regulated as effectively as it should be.

Obviously the existence of these technologies provides a feast of inspiration for conspiracy theorists, but it is also worth bearing in mind that legislation needs to stay up to date and not let use of certain technologies go wild. Web browsers have supported cookies since 1994. It may be wise to consider regulation of certain other technologies sooner than 18 years into their usage.